Tutorial-How to use letsencrypt public beta to get a new SSL certificate

New information:
Requesting a certificate for your domains on an apache webserver running on Debian server is extremely easy.
Install certbot, a utility to help request letsencrypt certificates:

apt-get install python-certbot-apache -t jessie-backports

Now run it:

certbot --apache

This will start a curses interface to select sites whose certificates you want to renew.
This works very well and worked when the certificate module of webmin was botched up.

Older post:
This tutorial describes how to create a new SSL certificate using Let’s Encrypt (Public beta as of 06/12/2015).

The Let’s Encrypt documentation is at: http://letsencrypt.readthedocs.org/en/latest/using.html#installation

Let’s create a new droplet at Digitalocean to test Let’s Encrypt.
Now login via ssh to the server:

Install git, an editor (I prefer emacs) and letsencrypt:

apt-get install git emacs
git clone https://github.com/letsencrypt/letsencrypt
cd letsencrypt

To install and run the client you just need to type:

./letsencrypt-auto certonly --webroot -w /var/www/virtual/maindomain.com/mydomain.in/htdocs/ -d www.mydomain.in -d mydomain.in

IMPORTANT NOTES:
– If you lose your account credentials, you can recover through
e-mails sent to [email protected]
– Congratulations! Your certificate and chain have been saved at
/etc/letsencrypt/live/www.mydomain.in/fullchain.pem. Your cert will
expire on 2016-03-05. To obtain a new version of the certificate in
the future, simply run Let’s Encrypt again.
– Your account credentials have been saved in your Let’s Encrypt
configuration directory at /etc/letsencrypt. You should make a
secure backup of this folder now. This configuration directory will
also contain certificates and private keys obtained by Let’s
Encrypt so making regular backups of this folder is ideal.
– If like Let’s Encrypt, please consider supporting our work by:

Donating to ISRG / Let’s Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le

Automatically installing letsencrypt certificates for a server running i-mscp control panel:
Once you’ve generated certificates as mentioned above, login to i-mscp,
Go to https://yourcpsite.com:2087/client/domains_manage.php
Next to your domain, click on “Add/Edit SSL Certificate”

Use the contents of the following file for each text box:

Private key -> /etc/letsencrypt/live/www.elephant.in/privkey.pem
Certificate -> /etc/letsencrypt/live/www.elephant.in/cert.pem
Intermediate certificate(s) -> /etc/letsencrypt/live/www.elephant.in/chain.pem

Manually installing letsencrypt certificates for a server running i-mscp control panel:
The following additional information pertains to manually installing these certificates for a server running i-mscp:

So, you’ve generated a certificate for the site www.elephant.in. The files created are at /etc/letsencrypt/live/www.elephant.in/ and are as follows:

lrwxrwxrwx 1 root root   36 Dec  6 09:12 cert.pem -> ../../archive/www.elephant.in/cert1.pem
lrwxrwxrwx 1 root root   37 Dec  6 09:12 chain.pem -> ../../archive/www.elephant.in/chain1.pem
lrwxrwxrwx 1 root root   41 Dec  6 09:12 fullchain.pem -> ../../archive/www.elephant.in/fullchain1.pem
lrwxrwxrwx 1 root root   39 Dec  6 09:12 privkey.pem -> ../../archive/www.elephant.in/privkey1.pem

Copy these as follows:

cp /etc/letsencrypt/live/www.elephant.in/privkey.pem /var/www/imscp/gui/data/certs/elephant.in.privkey.pem
cp /etc/letsencrypt/live/www.elephant.in/cert.pem /var/www/imscp/gui/data/certs/elephant.in.cert.pem
cp /etc/letsencrypt/live/www.elephant.in/chain.pem /var/www/imscp/gui/data/certs/elephant.in.chain.pem

Now edit the file /etc/apache2/sites-enabled/elephant.in_ssl.conf:

Add/Edit the following directives:

SSLEngine On
SSLCertificateFile /var/www/imscp/gui/data/certs/elephant.in.cert.pem
SSLCertificateChainFile /var/www/imscp/gui/data/certs/elephant.in.chain.pem
SSLCertificateKeyFile /var/www/imscp/gui/data/certs/elephant.in.privkey.pem

Restart apache2:

service apache2 restart

Now reload your website and check the certificate information it presents.

If your site shows invalid issuer information, you haven't done these steps correctly.

Renewing certificates

Let’s Encrypt CA issues short lived certificates (90 days). Make sure you renew the certificates at least once in 3 months.

For renewing, use the same command as you did when you generated the certificates. For automating renewal use --renew-by-default.

Eg:

./letsencrypt-auto certonly --webroot -w /var/www/virtual/joel.co.in/elephant.in/htdocs/ -d www.elephant.in -d elephant.in --renew-by-default

You are reading this post on Joel G Mathew’s tech blog. Joel's personal blog is the Eyrie, hosted here.

Installing a Domain control panel on a new VPS

I bought a new VPS subscription and decided to install the open source ISPCP on it, as it has proven its excellence hosting my domains on c0urier’s home network. It seems to be on par with existing paid solutions like cpanel.

First thing you do is to get the software. It’s available as a tarball here.

Setting php settings for Debian server

I wanted to find out which config file is being used for “local value” in php for max uploads, max execution time etc. It seems to override my master value in the php.ini file.

I finally found out the configuration file which was overriding my master value. The funny thing is that it seems to be a Debian way of configuration, and not universal to apache2 and php. Hence it was undocumented anywhere in the Apache2 documentation.

After many hours of scratching my head, what helped me determine the file was this article. I quote the relevant info:

Active Configuration Files

# /etc/apache2/apache2.conf - pulls in additional
# configurations in this order:
Include /etc/apache2/mods-enabled/*.load
Include /etc/apache2/mods-enabled/*.conf
Include /etc/apache2/httpd.conf
Include /etc/apache2/ports.conf
Include /etc/apache2/conf.d/[^.#]*
Include /etc/apache2/sites-enabled/[^.#]*

So ultimately what I did was to reach /etc/apache2 and do a full grep for “30”, the php execution time limit that was seen as local value.

[email protected]:/etc/apache2# grep -niR '30' *
apache2.conf:67:Timeout 300
magic:693:0     belong          0x0e031301              application/x-hdf
magic:728:#0      byte       0x30
magic:875:>30           string  Copyright\ 1989-1990\ PKWARE\ Inc.      application/x-zip
magic:878:>30           string  PKLITE\ Copr.   application/x-zip
mods-available/ssl.conf:44:SSLSessionCacheTimeout  300
mods-available/fastcgi_imscp.conf:42:                  -idle-timeout 300
mods-available/fastcgi_imscp.conf:47:   FastCgiServer /var/www/fcgi/master/php5-fcgi-starter -user vu2000 -group vu2000 -idle-timeout 300
mods-available/fcgid_imscp.conf:37:  BusyTimeout 300
mods-enabled/ssl.conf:44:SSLSessionCacheTimeout  300
sites-available/joel.co.in.conf:110:            php_admin_value max_execution_time 30
sites-available/joel.co.in.conf:113:            php_value error_reporting 30711
sites-enabled/joel.co.in.conf:110:            php_admin_value max_execution_time 30
sites-enabled/joel.co.in.conf:113:            php_value error_reporting 30711

As you can see the first file that shows 30 secs is this: /etc/apache2/sites-enabled/joel.co.in.conf

So I edited it:

Around Line 110 (Emacs>Alt-GG) is this block:

 <IfModule php5_module>
            php_admin_value open_basedir "/var/www/virtual/joel.co.in/:/var/www/virtual/joel.co.in/phptmp/:/usr/share/php:/usr/share/pear/"
            php_admin_value upload_tmp_dir "/var/www/virtual/joel.co.in/phptmp/"
            php_admin_value session.save_path "/var/www/virtual/joel.co.in/phptmp/"
            php_admin_value sendmail_path "/usr/sbin/sendmail -f [email protected] -t -i"

            # Custom values
            php_admin_value max_execution_time 30
            php_admin_value max_input_time 60
            php_admin_value memory_limit "128M"
            php_value error_reporting 30711
            php_flag display_errors off
            php_admin_value post_max_size "10M"
            php_admin_value upload_max_filesize "10M"
            php_admin_flag allow_url_fopen off
        </IfModule>

I changed that line

php_admin_value max_execution_time 30

from 30 to 70, and Voila! It was reflected in the phpinfo!

Final Conclusion:

For my Debian server,

Master value:  /etc/php5/apache2/php.ini
Local value: /etc/apache2/sites-enabled/joel.co.in.conf

The second time I reinstalled the server these files were absent. I had to:

chmod u=rw ./var/www/fcgi/joel.co.in/php5/php.ini
grep -in 'phpinfo' ./var/www/fcgi/joel.co.in/php5/php.ini
385:disable_functions = show_source,system,shell_exec,passthru,exec,phpinfo,shell,symlink
[[email protected]] / #emacs ./var/www/fcgi/joel.co.in/php5/php.ini
[[email protected]] / #service apache2 restart

 

Setting Timezone for the server:

There are two settings to be done, one for the server, and another for php.

For the server:

Reconfigure with:

dpkg-reconfigure tzdata

For php:

[email protected]:/etc# grep -ni 'date\.timezone' ./php5/apache2/php.ini
947:; http://php.net/date.timezone
948:date.timezone = Europe/Moscow

Change Europe/Moscow to Asia/Kolkata.

Now phpinfo will show the correct timezone.

Setting up key based authentication

When I login to the VPS, I am asked for a password and dropped into /root. openssh seems to have been already installed.

So, I have to create a folder to hold my keys.

First I need to see the default location and modify it if necessary.

[email protected]:~# grep -i 'AuthorizedKeysFile' /etc/ssh/sshd_config
#AuthorizedKeysFile     %h/.ssh/authorized_keys

All’s well. Apparently by default openssh is set up to read keys from the user’s home directory, from the .ssh subfolder.

So create this folder and assign permissions to it:

cd $HOME
mkdir .ssh
chmod 700 ~/.ssh

Now, from your PC, transfer your public and private keys to the server with scp, using your password and root as username.

Once done, `cat` the public key, and add it to a new text file ~/.ssh/authorized_keys

Save the file.

Restart openssh service. Now you will be able to connect without password (or using the key’s password)

service ssh restart

(Apparent) Error noticed after installing i-mscp:

php5 module seemed to be removed/not installed automatically. I had to:

apt-get install libapache2-mod-php5
service apache2 restart

for it to work properly. But once php5 module is installed, php starts working, but i-mscp control panel gets an error and stops loading. All this seems weird.

Edit: Apparently I was wrong. phpinfo had been disabled in imscp due to security reasons.

Install Locales:
aptitude install locales-all
dpkg-reconfigure locales

Setting up DNS:

Edit /etc/resolv.conf and add the following lines to the top:

nameserver 89.233.43.71
nameserver 89.104.194.142

You can replace these by your favorite DNS resolver.

Cannot receive email on ispcp (VPS)

The error message noted was:

"Delivery to following recipient failed [email protected] User unknown in local recipient table"

This was due to an improperly configured hostname, and the existence of sendmail.

Remove sendmail:

aptitude search sendmail
aptitude purge sendmail-base sendmail-cf sendmail-doc

Confirm with:

netstat -plunt

or:

netstat -lpn | grep 'sendmail'

 

Setting both local hostname and imscp hostname fixed it.

perl  imscp-autoinstall -sdr hostname

should be done to make sure the imscp hostname is set to be the same as the result of hostname -f

The server hostname defined in /etc/imscp/imscp.conf should be same as the actual hostname as defined in:

[email protected]:~# hostname -f
r2d2.joel.co.in

[email protected]:~# cat /etc/hostname

r2d2

Note that /etc/hostname is actually the prefix of server (not fully qualified domain name).

In addition, there should be an MX record pointing to the correct hostname, and an A record mapping that hostname to the IP:

;; QUESTION SECTION:
;joel.co.in.                    IN      MX

;; ANSWER SECTION:
joel.co.in.             14400   IN      MX      10 r2d2.joel.co.in.

;; AUTHORITY SECTION:
joel.co.in.             294262  IN      NS      ns101.dnsever.com.
joel.co.in.             294262  IN      NS      ns108.dnsever.com.
joel.co.in.             294262  IN      NS      ns77.dnsever.com.

;; ADDITIONAL SECTION:
r2d2.joel.co.in.        14400   IN      A       50.7.228.37
ns101.dnsever.com.      3166    IN      A       121.254.188.101
ns108.dnsever.com.      3166    IN      A       121.254.188.108

 

 



Download from file sharing sites, remotely, with the linux command line

Newer Update:
Downloading from file sharing sites can be done from the command line using a nifty program called plowshare.

Download it from here.

Now install it:

wget https://plowshare.googlecode.com/files/plowshare4_1~git20140112.7ad41c8-1_all.deb
dpkg -i plowshare4_1~git20140112.7ad41c8-1_all.deb
apt-get install -f

Older post:

Working on the XDA server, I needed to import Rom firmware to work on them. Having an extremely slow connection speed, I cursed the few XDA users who uploaded the firmware to file sharing sites like Hotfile, no doubt to encash on the revenue offered by these sites. I can't blame them, been there, done that. 😉

Anyway, I made a serendipitous discovery of a program which runs on the bash command line, and downloads from file sharing sites, circumventing or working along their javascript based countdown tickers (which make piecemeal of web based browsers like links and elinks), and their captchas. In case of Recaptchas, the program downloads the captcha image and asks for user input to decipher the text in it.

It’s called plowdown and like all other awesome things, it’s an open source project, currently hosted on Google Project pages. Download it here.

I tried it while working on the xda system, and it worked wonders. It downloaded a 1GB Note 2 firmware in maximum speed, without any issues whatsoever. Problem solved. I could now work on the file remotely without having to download it to my PC first. And along with other tricks I’ve already mentioned, I could even remote copy it to Goo servers and share it. I also remote ftpd the file to my own host.

Here’s the program working along.

To install the program:

Download the latest source tarball from the Google Code repo

Extract it

tar -xvvf plowshare4-snapshot-git20121104.411fdec.tar.gz

Now install it to a local directory

make install PREFIX=/home/droidzone/myapps

Using the program:

In case of Samsung leaked Roms, most of the files seem to be hosted on Hotfile. Plowdown works very well on Hotfile. You can use the following command to download a typical file:

wget `plowdown http://www.hotfile.com/dl/187869240/8e5ac43/N7100XXDLL7_N7100ODDDLL2_INU.zip.html`

This leads to:

[[email protected]] ~ $wget `plowdown http://www.hotfile.com/dl/187869240/8e5ac43/N7100XXDLL7_N7100ODDDLL2_INU.zip.html`
Starting download (hotfile): http://www.hotfile.com/dl/187869240/8e5ac43/N7100XXDLL7_N7100ODDDLL2_INU.zip.html
Waiting 30 seconds... done         
No ascii viewer found to display captcha image
Local image: /tmp/plowdown.22419.27107.recaptcha.jpg
Leave this field blank and hit enter to get another captcha image
Enter captcha response (drop punctuation marks, case insensitive): TRADES edlePer
File URL: http://s177.hotfile.com/get/868a280af7edca209458390c8bc18da53af1ebb5/50ecebe8/320/c78ada7ded148d27/b32a838/N7100XXDLL7_N7100ODDDLL2_INU.zip
Filename: N7100XXDLL7_N7100ODDDLL2_INU.zip

Note the prompt for the captcha image. The image saved remotely can be scp-d to a local folder, viewed locally, and the captcha typed back in at the prompt. It’s all very easy!



Pushing a file via ftp and the bash command line to an ftp server

Since I work with the XDA server, I often have to work on stuff in the XDA server, finish it and upload it to my host. Now Goo.im conveniently offers sftp access, which makes everything very easy. A simple scp command can transfer the file (already described elsewhere on my blog). However when it comes to transferring the files via simple ftp, things are a bit different. You need a bash script to do it.

I’ve used this script from  Ubuntuforums to suit my needs perfectly:

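#!/bin/sh
# The next 9 lines are lifted from mickwombat's script
USERNAME="[email protected]"
PASSWORD="myftppassword"
SERVER="ftp.droidzone.in"
# Remote directory to upload into (second argument)
DIR=$2
# Filename of the file to be transferred (first argument)
FILE=$1
# Log in to the ftp server and transfer the file.
# Variables are quoted so that names containing spaces work.
# Note: plain FTP sends the password unencrypted, and -u exposes it in the process list.

curl -T "$FILE" -u "$USERNAME:$PASSWORD" "$SERVER/$DIR/"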

This very neatly takes the file specified in the first argument, and transfers it to ftp.droidzone.in/dir where dir is the specified directory.



Setting up Keepass with Chrome and Firefox

A newer and more detailed post regarding Keepass can be found here.

  1. Install Keepass by running the Keepass installer exe (Alternately use the portable version).
  2. Get the latest version of KeePassHttp.plgx
  3. Copy KeePassHttp.plgx manually to %PROGRAMFILES(X86)%\KeePass Password Safe 2 (Or anywhere else you’ve installed Keepass exe to). It should be in the main directory which also contains KeePass.exe. If you copied it correctly, Keepass will show a “Compiling plugins” window next time it is run.
  4. Install Chromipass for Chrome from here. Alternately, Install Keefox for Firefox if you’re using Firefox.
  5. Now, open your database (or create a new one), assign a key and do whatever you want to do.

I move my Keepass database to my dropbox folder. Make sure to set up a very strong password for Dropbox before you do, however :), and never ever keep the Keepass Database and Key in the same location. You could simply put one in Dropbox and the other in Google Drive, or alternately encrypt the key and keep in the same location.



SSH access, generating and using SSH keys (Linux)

Generating the SSH key

ssh-keygen -t rsa

 

[[email protected]]$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/droidzone/.ssh/id_rsa): /home/droidzone/.ssh/id_rsa_hostgator_ubuntu
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /home/droidzone/.ssh/id_rsa_hostgator_ubuntu.
Your public key has been saved in /home/droidzone/.ssh/id_rsa_hostgator_ubuntu.pub.
The key fingerprint is:
1a:24:ff:8d:f0:8a:64:c4:7a:de:d1:8f:15:5a:55:c5 [email protected]
The key's randomart image is:
+--[ RSA 2048]----+
+-----------------+

Now, you can view your public key with:

cat /home/droidzone/.ssh/id_rsa_hostgator_ubuntu.pub

Logging in to the server

You can login to the server using your password with:

ssh -p 2222 [email protected]

Here, myusername is my user name (obviously), and 174.12.1.7 is the ip address of the host.

[[email protected]]$ ssh -p 2222 [email protected]
[email protected]'s password: 
Last login: Thu Sep 2 12:06:19 2012 from 9.3.34.8

[hostgator ~]$

Adding the key to the remote server

Now that you have confirmed the server credentials and generated a public/private key pair, you can set up a passwordless login to access the server quickly from your machine.

You have already created the pair, so the next step is to transfer your public key to the server. You can do this by manually adding the public key to your server’s ~/.ssh/authorized_keys2 or ~/.ssh/authorized_keys (newer). Just do a:

ls -l ~/.ssh

and see which file your server uses.

You should now copy the entire text shown by:

cat /home/droidzone/.ssh/id_rsa_hostgator_ubuntu.pub

and append it to the end of the remote server's ~/.ssh/authorized_keys2 or ~/.ssh/authorized_keys. For this you can open the relevant file in emacs.

emacs ~/.ssh/authorized_keys2

At the end of the current last line (last letter), press Enter.

Paste with Ctrl-Shift-V (i.e paste the new public key as the last line).

Save the file with Ctrl-X Ctrl-C.

Now, you can do a passwordless login to the server with:

ssh -i ~/.ssh/id_rsa_hostgator_ubuntu -p 2222 [email protected]

Here, id_rsa_hostgator_ubuntu is your private key file. You can of course automate this with a bash script.

Adding a ssh key to remote server with a single command:

Generate key:

ssh-keygen -t rsa

Add the key:

cat ~/.ssh/id_rsa.pub | ssh [email protected] 'cat >> .ssh/authorized_keys'
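Both this post and the earlier "Setting up key based authentication" section end with a line being appended to authorized_keys by hand. The function below is an added example, not part of the original posts, meant to be run on the server: it accepts only a public key (the private half never needs to leave your own machine), creates ~/.ssh and authorized_keys with modes 700 and 600, skips keys that are already present, and handles the missing final newline that the "press Enter" step works around. The function name is hypothetical.

```shell
#!/bin/sh
# Added example (not from the original post). The function name is
# hypothetical.

# add_authorized_key PUBKEY_FILE [HOME_DIR]
# Returns 0 if the key was added, 1 if it was already present,
# 2 if the input was rejected or an error occurred.
add_authorized_key() {
    pub=$1
    home=${2:-$HOME}
    [ -r "$pub" ] || { echo "cannot read $pub" >&2; return 2; }

    # Refuse private keys: only the .pub half belongs on the server.
    if grep -q 'PRIVATE KEY' "$pub"; then
        echo "$pub is a private key; refusing" >&2
        return 2
    fi

    # Take the first non-empty, non-comment line and require the
    # "<type> <base64> [comment]" layout of an OpenSSH public key.
    # The base64 blob always starts with AAAA (a 4-byte length field).
    line=$(grep -v -e '^[[:space:]]*$' -e '^#' "$pub" | head -n 1)
    case $line in
        ssh-rsa\ AAAA*|ssh-ed25519\ AAAA*|ecdsa-sha2-*\ AAAA*) ;;
        *) echo "$pub does not look like an OpenSSH public key" >&2
           return 2 ;;
    esac

    dir=$home/.ssh
    file=$dir/authorized_keys
    # sshd (StrictModes) ignores keys when these are writable by others.
    ( umask 077 && mkdir -p "$dir" && touch "$file" ) || return 2
    chmod 700 "$dir" && chmod 600 "$file" || return 2

    # Compare on "<type> <base64>" only, so a different trailing comment
    # does not make the same key look new.
    keyid=$(printf '%s\n' "$line" | cut -d' ' -f1,2)
    if grep -qF -- "$keyid" "$file"; then
        return 1
    fi

    # If the file does not end in a newline, add one first; otherwise the
    # new key would be glued onto the previous line.
    if [ -s "$file" ] && [ -n "$(tail -c 1 "$file")" ]; then
        printf '\n' >> "$file" || return 2
    fi
    printf '%s\n' "$line" >> "$file" || return 2
    return 0
}

# Typical use on the server, after copying only the .pub file over:
#   add_authorized_key ~/id_rsa_hostgator_ubuntu.pub
```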


Querying DNS records – The dig tool

Basic format:

[email protected]:~$ dig droidzone.in

; <<>> DiG 9.8.1-P1 <<>> droidzone.in
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 59555
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 0

;; QUESTION SECTION:
;droidzone.in. IN A

;; ANSWER SECTION:
droidzone.in. 27895 IN A 93.182.179.225

;; AUTHORITY SECTION:
droidzone.in. 85494 IN NS ns2.enames.in.
droidzone.in. 85494 IN NS ns1.enames.in.
droidzone.in. 85494 IN NS ns.enames.in.
droidzone.in. 85494 IN NS ns3.enames.in.

;; Query time: 24 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Tue Sep 18 22:38:57 2012
;; MSG SIZE rcvd: 124

The printcmd option means that the command section (the name given to these first two lines) is printed. You can turn it off by using the option +nocmd.

Dig can yield specific records like A or MX:

[email protected]:~$ dig droidzone.in A

; <<>> DiG 9.8.1-P1 <<>> droidzone.in A
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 61546
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 0

;; QUESTION SECTION:
;droidzone.in.                  IN      A

;; ANSWER SECTION:
droidzone.in.           27811   IN      A       93.182.179.225

;; AUTHORITY SECTION:
droidzone.in.           85410   IN      NS      ns.enames.in.
droidzone.in.           85410   IN      NS      ns1.enames.in.
droidzone.in.           85410   IN      NS      ns2.enames.in.
droidzone.in.           85410   IN      NS      ns3.enames.in.

;; Query time: 24 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Tue Sep 18 22:40:21 2012
;; MSG SIZE  rcvd: 124

[email protected]:~$ dig droidzone.in MX

; <<>> DiG 9.8.1-P1 <<>> droidzone.in MX
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 52453
;; flags: qr rd ra; QUERY: 1, ANSWER: 7, AUTHORITY: 4, ADDITIONAL: 10

;; QUESTION SECTION:
;droidzone.in.                  IN      MX

;; ANSWER SECTION:
droidzone.in.           28800   IN      MX      30 aspmx4.googlemail.com.
droidzone.in.           28800   IN      MX      30 aspmx5.googlemail.com.
droidzone.in.           28800   IN      MX      10 aspmx.l.google.com.
droidzone.in.           28800   IN      MX      20 alt1.aspmx.l.google.com.
droidzone.in.           28800   IN      MX      20 alt2.aspmx.l.google.com.
droidzone.in.           28800   IN      MX      30 aspmx2.googlemail.com.
droidzone.in.           28800   IN      MX      30 aspmx3.googlemail.com.

;; AUTHORITY SECTION:
droidzone.in.           85401   IN      NS      ns.enames.in.
droidzone.in.           85401   IN      NS      ns3.enames.in.
droidzone.in.           85401   IN      NS      ns1.enames.in.
droidzone.in.           85401   IN      NS      ns2.enames.in.

;; ADDITIONAL SECTION:
aspmx.l.google.com.     3       IN      A       173.194.79.26
aspmx.l.google.com.     208     IN      AAAA    2607:f8b0:400e:c01::1b
alt1.aspmx.l.google.com. 234    IN      A       74.125.142.27
alt1.aspmx.l.google.com. 97     IN      AAAA    2a00:1450:4010:c04::1b
alt2.aspmx.l.google.com. 206    IN      A       74.125.130.27
alt2.aspmx.l.google.com. 96     IN      AAAA    2a00:1450:4010:c04::1a
aspmx2.googlemail.com.  212     IN      A       74.125.142.27
aspmx2.googlemail.com.  105     IN      AAAA    2a00:1450:4010:c04::1a
aspmx3.googlemail.com.  60      IN      A       74.125.130.27
aspmx3.googlemail.com.  99      IN      AAAA    2a00:1450:4010:c04::1a

;; Query time: 353 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Tue Sep 18 22:40:30 2012
;; MSG SIZE  rcvd: 507

[email protected]:~$

In most cases, you don't need all that output.

[email protected]:~$ dig droidzone.in MX +short
20 alt2.aspmx.l.google.com.
30 aspmx2.googlemail.com.
30 aspmx3.googlemail.com.
30 aspmx4.googlemail.com.
30 aspmx5.googlemail.com.
10 aspmx.l.google.com.
20 alt1.aspmx.l.google.com.

This option can be added as default to dig by editing ~/.digrc to have the following:

To use a different name server, call dig with the first parameter as @nameserver. For example, we can query ns.hosteurope.com directly like this:

dig @ns.hosteurope.com www.droidzone.in

My ~/.digrc contains:

 

+noall 
+answer

 



Reset Ajaxplorer admin password

The file storing the credentials is at ajaxplorer Root/data/plugins/auth.serial/users.ser

Open users.ser in a text editor.

You will see something like:

a:1:{s:5:"admin";s:32:"56667e63ce1b1b92ceae65048dd5df00d";}

Note the long string after admin. In the example, it is 56667e63ce1b1b92ceae65048dd5df00d

Change it to a known encoded string.

Example:

For a test password of ‘qnap2012’, the password will be ‘9d2d363ce1b1b92ceae65048dd5df00d’.

For the password ‘password’, the encoded string is ‘5f4dcc3b5aa765d61d8327deb882cf99’

Finally the file looks like this:

a:1:{s:5:"admin";s:32:"9d2d363ce1b1b92ceae65048dd5df00d";}

Now you can login with admin/qnap2012 and reset the password.

Credits for Tip goes to father_mande at this forum.
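
The encoded string given above for ‘password’ is its plain, unsalted MD5 digest, and the s:32 prefix in users.ser is the length declared for the value that follows, so a hand edit that changes a value's length without updating the prefix leaves a record whose declared and actual lengths disagree (the first sample line above declares 32 but holds 33 characters). The functions below are an added example, not part of the original post: they build a one-user record with the lengths computed and report any mismatched length in an existing file. The function names are hypothetical, and ASCII user names and md5sum from coreutils are assumed.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are
# hypothetical. Assumes ASCII user names and md5sum from coreutils.

# md5_hex STRING
# Prints the MD5 digest of STRING as 32 hex characters.
md5_hex() {
    printf '%s' "$1" | md5sum | cut -d' ' -f1
}

# users_ser_entry USER PASSWORD
# Prints a one-user record in the layout shown in the post, with the s:N
# lengths computed instead of typed by hand.
users_ser_entry() {
    hash=$(md5_hex "$2")
    printf 'a:1:{s:%d:"%s";s:%d:"%s";}\n' "${#1}" "$1" "${#hash}" "$hash"
}

# check_users_ser FILE
# Prints one line for every s:N:"value" item whose declared length N does
# not match the length of the value. No output means the lengths agree.
check_users_ser() {
    grep -o 's:[0-9]*:"[^"]*"' "$1" | while IFS= read -r tok; do
        n=${tok#s:}          # strip the leading s:
        n=${n%%:*}           # keep the declared length
        val=${tok#*\"}       # strip up to the opening quote
        val=${val%\"}        # strip the closing quote
        [ "${#val}" -eq "$n" ] ||
            printf 'declared %s, actual %s: %s\n' "$n" "${#val}" "$val"
    done
}

# Typical use:
#   cp users.ser users.ser.bak
#   users_ser_entry admin 'temporary password' > users.ser
#   check_users_ser users.ser
```

Since the digest is unsalted, treat the value written this way as temporary and set a new password from the web interface right after logging in.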

 

Other related help regarding Ajaxplorer

Note that the default home folder for each user is created at [AJAXplorerRoot]/data/personal/[USERNAME]/



Using Keepass with Chrome and Firefox

Keepass, an open source software, is arguably one of the best password management tools available. My personal favorite is Lastpass for the sheer number of available features, and because of close integration with Chrome. Keepass however seems to have a few issues with Chrome, though Firefox integration with the Keefox extension is perfect.

Edit:
Newer steps for installation of chromipass on Linux Mint 18.1 Serena (updated April 2017):
1. Install Chromipass for Chrome.
2. Visit keepassxc-debian github page and get the latest .deb packages.

https://github.com/magkopian/keepassxc-debian/releases/download/2.1.4-1/keepassxc_2.1.4-1_amd64_stable.deb

3. Install the deb:

sudo dpkg -i keepassxc_2.1.4-1_amd64_stable.deb

4. Open keepassxc, open your database and enter password or choose key file.
5. Install mono-complete
apt-get install mono-complete
6. Download keepass http:

wget https://raw.github.com/pfn/keepasshttp/master/KeePassHttp.plgx
sudo cp KeePassHttp.plgx /usr/lib/keepass2/
sudo chmod 644 /usr/lib/keepass2/KeePassHttp.plgx

Older article:
This article explains how to install Keepass on Windows and Linux, and has been tested to work with Keepass 2.22, and Windows 8 64 bit, Ubuntu 12.10 and Debian Squeeze.

To use Keepass with your browsers:

How to install and use Keepass on Windows 7 and 8

The following article applies to Windows 7/8. For Linux info, skip to the end.

How to install and use Keepass on Windows 7 and 8 on Firefox:

Install the latest Keepass installer

Install Keefox extension

Run Keepass, create a database, and add either a Master password or Master Password+Composite key (This is a composite key. Both Key and password will be required), or just a Key.

Import your prior passwords (If using Lastpass, export from Lastpass to a .csv file, and then import the .csv file into Keepass, using the Keepass menu>Import>Generic csv importer).

Save the key database (Only on saving does your master password and key file get updated into the database).

Now, on running Firefox, Keepass and Keefox will connect.

How to install and use Keepass on Windows 7 and 8 on Chrome/Chromium:

Install the latest Keepass installer

Install Chromipass extension from the Chrome web store.

Download KeePassHttp.plgx from the Github repo here. (If you omit this step, you will get a “KeePassHttp: Error: NETWORK_ERR: XMLHttpRequest Exception 101” error.)

Copy the downloaded file to C:\Program Files (x86)\KeePass Password Safe 2\plugins (for 64 bit Win7/8). You can use the environment variable:

%PROGRAMFILES(X86)%\KeePass Password Safe 2

The easiest way to get the correct location is probably to choose Keefox options from Firefox, and look at the Keepass Tab.

Now visit any site with a username/password field, click on the small Chromipass icon and follow the prompts to connect Chromipass and Keepass.

Run Keepass, create a database, and add either a Master password or Master Password+Composite key (This is a composite key. Both Key and password will be required), or just a Key.

Import your prior passwords (If using Lastpass, export from Lastpass to a .csv file, and then import the .csv file into Keepass, using the Keepass menu>Import>Generic csv importer).

Save the key database (Only on saving does your master password and key file get updated into the database).

Common errors and their solutions:

Error #1: Unable to start HttpListener: System.Net.HttpListenerException (0x80004005): Failed to listen on Prefix ‘http://localhost:19455/’ because it conflicts with an existing registation on the machine.

The error is due to two copies of the file KeePassHttp.plgx. In my case, I had one at C:\Program Files (x86)\KeePass Password Safe 2\plugins, and another one at C:\Program Files (x86)\KeePass Password Safe 2. I deleted the latter, and the error disappeared.

Installing Keepass in Ubuntu 12.10:

Firefox

Install Keepass from the Ubuntu repo. Install latest Firefox from Mozilla. Now download and install the Keefox plugin for Firefox. Manually copy the .plgx file from the Firefox profile folder to /usr/lib/keepass2 (as suggested by the extension). Open up Keepass2 and then Firefox. Opening the database links them up.

sudo add-apt-repository ppa:jtaylor/keepass
sudo apt-get install mono-complete
sudo apt-get install keepass2
sudo cp [email protected]/deps/KeePassRPC.plgx /usr/lib/keepass2/

Note: You need to use the correct path as applicable to your PC.

Chrome

Association of Chrome with Chromipass and Keepass2 is buggy. It works on some sites but not on others. The author himself states that he was unable to associate these properly with the .plgx extension. The steps are the same. Get the specific files from Github, copy them to /usr/lib/keepass2, install Keepass2 from the repo, and Chromipass from Chrome web store.

Note that the folder /usr/lib/keepass2 should contain the following files:

$l /usr/lib/keepass2/
total 2.4M
-rw-r--r-- 1 root root  252 Sep 28  2007 KeePass.config.xml
-rwxr-xr-x 1 root root 1.8M Sep 23 05:43 KeePass.exe
-rw-r--r-- 1 root root  535 May  1  2012 KeePass.exe.config
-rw-r--r-- 1 root root 180K Jan  7 09:53 KeePassHttp.plgx
-rw-r--r-- 1 root root 370K Jan  7 09:59 KeePassRPC.plgx

 

Once you’ve done this, reloading the browser asks for association.

Note that autofilling does not usually work in Chrome on Linux with Keepass2 and Chromipass. You can check if right clicking works.
